ASLR^CACHE Attack Defeats Address Space Layout Randomization

Researchers from VUSec have found a way to break ASLR via an MMU side-channel attack that works even from JavaScript. Does this matter? Yes, it matters. A lot. The discovery of this flaw, together with a practical implementation, is important mainly for two reasons: what it means for ASLR to be broken, and how the MMU side-channel attack works inside the processor.

Address Space Layout Randomization, or ASLR, is an important defense mechanism that mitigates the exploitation of known and, most importantly, unknown memory-safety flaws. As the name implies, it makes it harder for a malicious program to compromise a system by randomizing where a process's code, stack, heap and shared libraries are placed in memory each time the program is launched. An attacker who does not know those addresses cannot reliably jump to a particular function in memory or to a piece of shellcode planted in the process.

Breaking ASLR is a huge step towards simplifying an exploit and making it reliable. It does not by itself give an attacker control; a separate memory-corruption bug is still needed, but once the addresses are known that bug becomes far easier to turn into code execution. Being able to break ASLR from within JavaScript means a malicious web page can defeat the browser's ASLR protection using nothing but JavaScript, the most common configuration for Internet users.

ASLR has been broken before in particular scenarios, but this new attack highlights a more profound problem. It exploits the way the memory management unit (MMU) of modern processors uses the processor's cache hierarchy to speed up page table walks: the page-table entries the MMU reads during a walk are pulled into the same caches as ordinary data, so which entries were read can be observed by timing. The flaw is therefore in the hardware itself, not in the software running on it. Software vendors can take some steps to mitigate the issue, but a full and proper fix means replacing or upgrading the hardware.
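To make the hardware argument concrete, here is an added model of the page-table geometry the attack relies on. It is example code written for this article, not code from the VUSec paper or from Hackaday. The constants are x86-64 architectural facts: a four-level walk, each level a 4 KiB table of 512 eight-byte entries, so a 64-byte cache line holds 8 entries and each table spans 64 lines. Which line the MMU fetches at each level is fixed by 9 bits of the virtual address. The timing measurement that reveals the touched line, the hard part of the real attack, is replaced here by the oracle `cache_lines_touched`, and the "sliding" step assumes the attacker can address a buffer large enough to slide at every level, which is an idealisation for the upper levels.

```python
"""Model of the page-table geometry the ASLR^CACHE attack relies on.

Added example, not code from the VUSec paper or from Hackaday. The oracle
`cache_lines_touched` stands in for the cache-timing measurement; the rest
shows how much of a secret address the lines give away and how the missing
bits are recovered by sliding.
"""

PAGE_SHIFT = 12                              # 4 KiB pages
LEVELS = 4                                   # PT, PD, PDPT, PML4 (level 0 is the finest)
INDEX_BITS = 9                               # 512 entries per table
ENTRY_SIZE = 8
LINE_SIZE = 64
ENTRIES_PER_LINE = LINE_SIZE // ENTRY_SIZE   # 8 entries share one cache line
INDEX_MASK = (1 << INDEX_BITS) - 1


def level_shift(level):
    """Bit position of the 9-bit table index for `level` (0 = PT ... 3 = PML4)."""
    return PAGE_SHIFT + INDEX_BITS * level


def table_indices(vaddr):
    """The 9-bit index into each level's table, finest level (PT) first."""
    return [(vaddr >> level_shift(lvl)) & INDEX_MASK for lvl in range(LEVELS)]


def address_from_indices(indices, page_offset=0):
    """Build a virtual address from per-level indices (PT first); a test helper."""
    vaddr = page_offset
    for lvl, idx in enumerate(indices):
        vaddr |= (idx & INDEX_MASK) << level_shift(lvl)
    return vaddr


def cache_lines_touched(vaddr):
    """Oracle: the cache line (0..63) read in each level's table during a walk.
    This is what the timing side channel reveals in the real attack."""
    return [idx // ENTRIES_PER_LINE for idx in table_indices(vaddr)]


def directly_observable_mask():
    """Address bits learned from a single observation: 6 of each level's 9 index
    bits. The low 3 bits of each index only select an entry within the line,
    so they are invisible from the line alone."""
    mask = 0
    for lvl in range(LEVELS):
        mask |= (INDEX_MASK ^ (ENTRIES_PER_LINE - 1)) << level_shift(lvl)
    return mask


def recover_address(probe, base):
    """Recover bits 12..47 of `base` using only `probe`.

    The 3 missing bits per level come from sliding: step the address by that
    level's granularity (4 KiB, 2 MiB, 1 GiB, 512 GiB) until the observed line
    changes. The line changes after 8 - (index mod 8) steps, which gives the
    low 3 bits of the index. Sliding at every level is an idealisation.
    """
    first = probe(base)
    recovered = 0
    for lvl in range(LEVELS):
        step = 1 << level_shift(lvl)
        k = 1
        while probe(base + k * step)[lvl] == first[lvl]:
            k += 1                               # terminates within 8 probes
        low_bits = (ENTRIES_PER_LINE - k) % ENTRIES_PER_LINE
        index = first[lvl] * ENTRIES_PER_LINE + low_bits
        recovered |= index << level_shift(lvl)
    return recovered


if __name__ == "__main__":
    # Constructed "secret" address an attacker wants to learn (e.g. a library page).
    secret = address_from_indices([325, 145, 232, 254], page_offset=0x10)
    print("lines per level:", cache_lines_touched(secret))
    print("one look gives %d of 36 address bits" % bin(directly_observable_mask()).count("1"))
    print("recovered %#x, actual page %#x" % (recover_address(cache_lines_touched, secret),
                                               secret & ~0xfff))
```

One observation leaks 24 of the 36 randomized bits outright, and the remainder fall to a handful of extra probes; the randomness ASLR depends on is simply not hidden from a cache observer, which is why no software change fully closes the hole.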

In their paper, researchers reached a dramatic conclusion:

Continue reading “ASLR^CACHE Attack Defeats Address Space Layout Randomization”

Hackaday.io Passes 200,000 Registered Users

Hackaday.io just welcomed the 200,000th registered user! We are the world’s largest repository of open hardware projects and Hackaday.io is proving its worth as the world’s most vibrant technology community. This is where you go to get inspiration for your next project, to get help fleshing out your product ideas, to build your engineering dream team, and to tell the tales of the workbench whether that be success, failure, or anything in between.

Over the past six months, as we’ve grown from the 150k member milestone to this one, our movement has enjoyed ever-increasing interaction among this amazing group of people. Thank you for spending so much time here and making Hackaday.io a great place for everyone!

Hack Chat Brings Experts from Many Fields

It’s always great when you can watch a conference talk or interview online. But if you weren’t there in person the opportunity for meaningful interaction has already passed. With this in mind, we’ve been inviting experts from numerous fields to host discussions live in the Hackaday.io Hack Chat room.

This is a great way to further our goal of forming a global virtual hackerspace. It’s common to have talks and workshops at a hackerspace, where you can not only learn from and ask questions of the person leading the event, but meet others who share your interests. This has happened time and again with recent guests including Bunnie Huang who talked about making and breaking hardware, a group of Adafruit engineers who discussed their work extending the MicroPython libraries, Sprite_tm who covered the continuing development of ESP32 support, and many more.

This Friday at Noon PST Hackaday’s own Jenny List will be leading the Hack Chat on RF Product design. See you there!

Amazing Projects

It’s pretty amazing to see a guide on building a smartphone for $50 in parts. If that exists anywhere, it’s probably on Hackaday.io — and it’s actually pushing about 80,000 views so far! Arsenijs is a regular around these parts and his ZeroPhone — a 2G communications device based on the Raspberry Pi Zero — is a project that he’s been updating as his prototype-to-production journey progresses. It has a big team behind it and we can’t wait to see where this one goes.

Working on your own is still a great way to learn and we see all kinds of examples of that. Just4Fun is learning the dark arts that went into early personal computing with a $4 project to build a Z80 system on a breadboard.

We revel in the joy of seeing great hardware art come to life. FlipFrame is a great example; it’s a digital picture frame project that goes far beyond that simple description. It rotates the entire screen to fit the layout of the image while showing off all of the hardware that makes this possible rather than hiding it away inside a case.

In addition to our registered users milestone, we’re just about to pass our 20,000th published project. There are so many projects to celebrate and draw inspiration from, and that collection grows every day!

The Rise of Build Contests

This winter we’ve seen a ton of interest in the build contests hosted on Hackaday.io. Of course, nothing can compare to the reach of the Hackaday Prize, our worldwide engineering initiative that challenges people to Build Something That Matters. The 2016 winners were announced in November; even so, people have been tripping over themselves to get a project built for the numerous contests we’ve hosted since then.

Of note is the 1 kB Challenge — a contest dreamed up by our own Adam Fabio which challenged entrants to build an embedded project whose compiled code was 1 kB or less. It was a joy to dive into the entries for this and it will certainly return again.

Running right now is the revival of my favorite build contest: the Hackaday Sci-Fi Contest. Bring your favorite Sci-Fi tech to life — it just needs to be recognizable from a book, movie, or TV show and include some type of electronics.

Meet Your Friends in Real Life

Some of my closest friends in life were first met online. But eventually, you just want to hang out in the same room. This is becoming more and more common with Hackaday.io. In November we celebrated our second Hackaday SuperConference, where hundreds of people who love hardware creation gathered in Los Angeles for two days of amazing talks, workshops, and hands-on hacking challenges. This is a good one to add to your calendar, but tickets do sell out, so consider some other options as well.

We have regular meetups in LA and New York. If you are ever traveling there, make sure to look up the schedule and see if it can be part of your trip. Perhaps the most interesting was World Create Day. In 2016, we had 80 groups across the world plan meetups on the same day so that the Hackaday community could hang out in real life. We’re not ready to share the details quite yet, but you should plan for that to happen again this year. Something to look forward to!

Coding As A Foreign Language

How many of you speak more than one language? Since Hackaday is an English-language site whose readership is world-wide, we are guessing quite a lot of you are not monoglots. Did you learn your second or third languages at school, and was it an experience you found valuable? How about your path into software? If you are a coder, were you self-taught or was your school responsible for that as well?

It’s been a constant of the last few decades, officials and politicians in charge of education worrying that tech-illiterate children are being churned out of schools ill-equipped for the Jobs Of Tomorrow, and instituting schemes to address the issue. One of the latest of these ideas has come our way from Florida, and it’s one that has sparked some controversy. It sounds simple enough, make coding equivalent to language learning when it comes to credits in Floridian high schools.

You might think that this idea would be welcome, but instead it has attracted criticism from those concerned that it will become an either-or choice in cash-strapped school districts. This could lead to kids without an extra language being at a disadvantage when it comes to applying for higher education. There are also concerns that the two subjects are not equivalent, and should not be conflated.

It’s difficult from the perspective of an adult technical journalist without a background in education to speculate on the relative benefits to young minds of either approach. It is very likely though that just as with previous generations the schools will discover that there is limited benefit in pushing coding at kids with little aptitude or interest in it, and that the benefits in terms of broader outlook and intellectual exercise gained by learning another language might be lost.

Which was more valuable to you at school, coding or learning a language? Were you of the generation that learned coding through BASIC from the manual that came with your home computer, and should today’s kids be doing the same with Scratch and Python on boards like the Raspberry Pi? Let us know in the comments.

Child at computer image: Nevit Dilmen [CC-BY-SA-3.0], via Wikimedia Commons.

AI Beats Poker Pros: Skynet Looms

There have been a few “firsts” in AI-versus-human gaming lately, and the computers are now beating us at trivia, chess and Go. But in some sense, none of these are really interesting; they’re all games of fact. Poker is different. Aside from computing the odds of holding the winning hand, where a computer would obviously have an advantage, the key to winning in poker is bluffing, and figuring out when your opponent is bluffing. Until recently, this has helped man beat the machine. Those days are over.

Chess and Go are what a game theorist would call games of perfect information: everyone knows everything about the state of the game just from looking at the board, and this means that there is, in principle, a best strategy (series of moves) for every possible position. Granted, it’s hard to figure these out because it’s a big brute-force problem, but it’s still a brute-force problem where computers have an innate advantage. Chess and Go are games where the machines should be winning.  Continue reading “AI Beats Poker Pros: Skynet Looms”

Yes/No Neural Interface Partly Works

It sounds like something out of a sci-fi or horror movie: people suffering from complete locked-in state (CLIS) have lost all motor control, but their brains are otherwise functioning normally. This can result from spinal cord injuries or amyotrophic lateral sclerosis (ALS). Patients who are only partially locked in can often blink to signal yes or no. CLIS patients don’t even have this option. So researchers are trying to literally read their minds.

Neuroelectrical technologies, like the EEG, haven’t been successful so far, so the scientists took another tack: using near-infrared light to detect the oxygenation of blood in the forehead. The results are promising, but we’re not there yet. The system detected answers correctly during training sessions about 70% of the time, where the upper bound for random chance is around 65% — varying from trial to trial. This may not seem overwhelmingly significant, but repeating the question many times can help improve confidence in the answer, and these are people with no means of communicating with the outside world. Anything is better than nothing?

It’s noteworthy that the blood oxygen curves over time vary significantly from patient to patient, but seem roughly consistent within a single patient. Some people simply have patterns that are easier to read. You can see all the data in the paper.

They go into the methodology as well, which is not straightforward either. How would you design a test for a person who you can’t even tell if they are awake, for instance? They ask complementary questions (“Paris is the capital of France”, “Berlin is the capital of Germany”, “Paris is the capital of Germany”, and “Berlin is the capital of France”) to be absolutely sure they’re getting the classifications right.

It’s interesting science, and for a good cause: improving the quality of life for people who have lost all contact with their bodies. (Most of whom answered “yes” to the statement “I am happy.” Food for thought.)

Via Science-Based Medicine, and thanks to [gippgig] for the unintentional tip! Photo from the Wyss Center, one of the research institutes involved in the study.

Fail Of The Week: GitLab Goes Down

Has work been a little stressful this week, are things getting you down? Spare a thought for an unnamed sysadmin at the GitHub-alike startup GitLab, who early yesterday performed a deletion task on a PostgreSQL database in response to some problems they were having in the wake of an attack by spammers. Unfortunately, due to a command line error, they ran the deletion on one of the databases behind the company’s main service, forcing it to be taken down. By the time the deletion was stopped, only 4.5 GB of the 300 GB trove of data remained.

Reading their log of the incident the scale of the disaster unfolds, and we can’t help wincing at the phrase “out of 5 backup/replication techniques deployed none are working reliably or set up in the first place”. In the end they were able to restore most of the data from a staging server, but at the cost of six hours of lost issues and merge requests. Fortunately for them their git repositories were not affected.

For 707 GitLab users, then, there has been a small amount of lost data, the entire web service was down for a while, and the incident has gained them more publicity in a day than their marketing department could have achieved in a year. The post-mortem document makes for a fascinating read, and will probably leave more than one reader nervously thinking about the integrity of whichever services they are responsible for. We have to hand it to them for being so open about it all and for admitting a failure of their whole company for its backup failures rather than heaping blame on one employee. In many companies it would all have been swept under the carpet. We suspect that GitLab’s data will be shepherded with much more care henceforth.

We trust an increasing amount of our assets to online providers these days, and this tale highlights some of the hazards inherent in placing absolute trust in them. GitLab had moved from a cloud provider to their own data centre, though whether or not this incident would have been any less harmful wherever it was hosted is up for debate. Perhaps it’s a timely reminder to us all: keep your own backups, and most importantly: test them to ensure they work.
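What “test them” looks like in practice, as an added example that is not GitLab’s code or anything from their post-mortem: take a dump, restore it into a throwaway database, and compare the restored copy with the source before declaring the backup good. SQLite from Python’s standard library stands in for the PostgreSQL database in the story so the script runs offline; the tables and rows are constructed sample data, and the same shape of check applies unchanged to pg_dump and pg_restore.

```python
"""Restore-test a database backup before trusting it.

Added example, not GitLab's code. A dump file sitting on disk proves nothing;
a backup only counts once it has been restored into a scratch database and
compared with the source. SQLite stands in for PostgreSQL here.
"""
import hashlib
import os
import sqlite3
import tempfile


def make_sample_db(path):
    """Constructed sample data standing in for the production database."""
    con = sqlite3.connect(path)
    con.executescript("""
        CREATE TABLE issues (id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE merge_requests (id INTEGER PRIMARY KEY, title TEXT, state TEXT);
        INSERT INTO issues VALUES (1, 'Login page 500s'), (2, 'Spam accounts');
        INSERT INTO merge_requests VALUES (1, 'Fix login', 'merged'),
                                         (2, 'Rate limit signups', 'open');
    """)
    con.commit()
    con.close()


def dump_db(db_path, dump_path):
    """Write a SQL dump of the database (the SQLite analogue of pg_dump)."""
    con = sqlite3.connect(db_path)
    with open(dump_path, "w") as f:
        for line in con.iterdump():
            f.write(line + "\n")
    con.close()


def fingerprint(db_path):
    """Per-table row count plus a hash over every row, ordered so it is stable."""
    con = sqlite3.connect(db_path)
    tables = sorted(r[0] for r in con.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'"))
    result = {}
    for t in tables:
        h, n = hashlib.sha256(), 0
        for row in con.execute('SELECT * FROM "%s" ORDER BY 1' % t):
            h.update(repr(row).encode())
            n += 1
        result[t] = (n, h.hexdigest())
    con.close()
    return result


def verify_backup(db_path, dump_path):
    """Restore the dump into a fresh scratch database and compare with the source.
    Returns (ok, reason). Never touches the source database."""
    if not os.path.exists(dump_path) or os.path.getsize(dump_path) == 0:
        return False, "dump file missing or empty"
    with tempfile.TemporaryDirectory() as tmp:
        scratch = os.path.join(tmp, "restore.db")
        con = sqlite3.connect(scratch)
        try:
            with open(dump_path) as f:
                con.executescript(f.read())
        except sqlite3.Error as e:
            return False, "restore failed: %s" % e
        finally:
            con.close()
        src, restored = fingerprint(db_path), fingerprint(scratch)
    if not src:
        return False, "source has no tables"
    if src != restored:
        return False, "mismatch: source=%r restored=%r" % (src, restored)
    rows = sum(n for n, _ in restored.values())
    return True, "restored %d rows across %d tables" % (rows, len(restored))


def run_demo():
    """Exercise the check on a good dump, an empty dump and a truncated dump."""
    with tempfile.TemporaryDirectory() as tmp:
        db, dump = os.path.join(tmp, "prod.db"), os.path.join(tmp, "prod.sql")
        make_sample_db(db)
        dump_db(db, dump)
        good = verify_backup(db, dump)

        empty = os.path.join(tmp, "empty.sql")          # a backup job that silently did nothing
        open(empty, "w").close()
        bad_empty = verify_backup(db, empty)

        truncated = os.path.join(tmp, "trunc.sql")      # a dump missing one row
        with open(dump) as src, open(truncated, "w") as dst:
            dst.writelines(l for l in src if "Spam accounts" not in l)
        bad_trunc = verify_backup(db, truncated)
    return {"good": good, "empty": bad_empty, "truncated": bad_trunc}


if __name__ == "__main__":
    for name, (ok, reason) in run_demo().items():
        print("%-9s %s  %s" % (name, "OK " if ok else "BAD", reason))
```

Run it unattended after every backup job and alert on anything but a clean restore; a verification that only checks the file exists would have passed every one of the five non-working techniques in the GitLab post-mortem.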

Thanks [Jack Laidlaw] for the tip.

Rack server image: Trique303 [CC BY-SA 4.0], via Wikimedia Commons.

These Five Hackaday.io Members Just Won Fancy New CircuitPython Boards

Just a few hours ago, we had a HackChat over on Hackaday.io with Adafruit discussing CircuitPython, their new extension to the MicroPython codebase. During the chat, the folks at Adafruit took questions and asked participants in the chat what they’d like to build with some cool new hardware. These CircuitPlayground M0 Express boards are brand new, unreleased hardware. Really cool stuff.

The winners of these unreleased boards, and the projects they’ll be using them for are: [RaidDude8] for a light painting system, [gelatinousslime] for a ‘magic wand’ for his daughter that reacts to gestures, [Neon22] for a multiuser game using Neopixels, [turbinenreiter] for a gravity demonstrator using Neopixels and the accelerometer, and [todbot] for a Powermate knob USB HID clone.

During the chat, the folks at Adafruit talked about their additions to MicroPython. It’s a rework of the API, provides better support for more platforms, and extends the entire thing to microcontrollers. If you like Python and want to get into microcontrollers, this one is for you.

If you missed the chat, you can still check out Adafruit’s live stream right here, or the transcript right here. Below, you can check out Lady Ada awarding the new boards after the break.

We have a few more HackChats coming up in the next few weeks, one with [Sprite_TM], inevitably discussing why he won’t do a crowdfunding campaign for his tiny, tiny Game Boy, an RF talk with [Jenny List], and a chat with Sparkfun. You can check out the upcoming HackChats here. Want to get in on the action? Request to join the HackChat and you’re in.

Continue reading “These Five Hackaday.io Members Just Won Fancy New CircuitPython Boards”